Update to OpenSSL 3.0.16
We are glad to announce the release of VisualSVN and VisualSVN Server builds linked with OpenSSL 3.0.16 that contain fixes for the following vulnerabilities: CVE-2024-13176 and CVE-2024-9143.
Up-to-date VisualSVN Server installations that use Elliptic Curve Digital Signature Algorithm (ECDSA) TLS/SSL certificates are affected by CVE-2024-13176. This vulnerability potentially allows an attacker to reconstruct the private key via a timing side-channel attack. If your server uses an ECDSA certificate, updating to the latest build is strongly recommended.
Up-to-date VisualSVN installations are not affected by any of the aforementioned vulnerabilities. Nevertheless, updating to the new builds is recommended for all users.
Update for VisualSVN Server
Get the latest version of VisualSVN Server on the official download page. For the full list of changes, see the VisualSVN Server 5.4.4 changelog.
Choose an appropriate patch build if you do not want to perform a significant upgrade right now:
- VisualSVN Server 5.3.7 if you have version 5.3.x installed.
Other version families of VisualSVN Server are not supported and maintenance updates are not available for them. It is strongly recommended that you upgrade to VisualSVN Server 5.4.4 if you are using any version family older than 5.3.x. Please read the KB233: Upgrading to VisualSVN Server 5.4 article before upgrading.
Update for VisualSVN (a plug-in for Visual Studio)
On the official download page, please select an appropriate VisualSVN plug-in version with respect to your Visual Studio version:
- If you use Visual Studio 2022, update to VisualSVN 8.3.6
- If you use Visual Studio 2019, update to VisualSVN 7.4.6
- If you use Visual Studio 2017, update to VisualSVN 6.8.6
- If you use Visual Studio 2015 or older, update to VisualSVN 5.7.6
For the full list of changes, see the corresponding changelog entries for these plug-in versions: VisualSVN 8.3.6, VisualSVN 7.4.6, VisualSVN 6.8.6 and VisualSVN 5.7.6.